Ci4-cms-erp

Ci4ms

33 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-41891

  • EPSS 0.27%
  • Veröffentlicht 07.05.2026 04:16:33
  • Zuletzt bearbeitet 07.05.2026 14:57:13

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commen...

6.9

CVE-2026-41890

  • EPSS 0.34%
  • Veröffentlicht 07.05.2026 04:16:33
  • Zuletzt bearbeitet 07.05.2026 15:16:09

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess() action accepts a POST parameter tables...

8.6

CVE-2026-41587

  • EPSS 0.5%
  • Veröffentlicht 07.05.2026 04:16:27
  • Zuletzt bearbeitet 07.05.2026 15:16:07

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend us...

9.4

CVE-2026-41203

  • EPSS 0.48%
  • Veröffentlicht 07.05.2026 04:16:27
  • Zuletzt bearbeitet 07.05.2026 15:16:06

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry ...

9.4

CVE-2026-41202

  • EPSS 0.53%
  • Veröffentlicht 07.05.2026 04:16:27
  • Zuletzt bearbeitet 07.05.2026 14:57:13

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Backup::restore extracts user uploaded ZIP archives without validating entr...

9.1

CVE-2026-41201

  • EPSS 0.33%
  • Veröffentlicht 07.05.2026 04:16:26
  • Zuletzt bearbeitet 07.05.2026 14:57:13

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS...

9.8

CVE-2026-39394

Exploit
  • EPSS 0.52%
  • Veröffentlicht 08.04.2026 14:32:31
  • Zuletzt bearbeitet 16.04.2026 00:00:36

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index() controller reads the host POST parameter without any validation and ...

8.1

CVE-2026-39393

Exploit
  • EPSS 0.42%
  • Veröffentlicht 08.04.2026 14:31:44
  • Zuletzt bearbeitet 16.04.2026 00:02:57

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile cache check (cache('settings...

4.8

CVE-2026-39392

Exploit
  • EPSS 0.25%
  • Veröffentlicht 08.04.2026 14:30:59
  • Zuletzt bearbeitet 16.04.2026 00:09:55

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module does not apply the html_purify validation rule to content fields during ...

4.8

CVE-2026-39391

Exploit
  • EPSS 0.23%
  • Veröffentlicht 08.04.2026 14:30:18
  • Zuletzt bearbeitet 16.04.2026 00:14:31

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the blacklist (ban) note parameter in UserController::ajax_blackList_post() is stored in ...